Is DHS ready to take the lead on cybersecurity?
As cybersecurity legislation languishes in Congress and the president mulls an executive order, critical infrastructure remains under-secured and disputes over leadership linger, according to a panel of experts.
Destructive attacks, a “cyber 9/11” and companies bankrupted by data breaches: They’re all ugly scenarios that government officials often use to underscore the cyber threat. But is it enough to compel action?
As cybersecurity legislation languishes in Congress, critical infrastructure remains under-secured and disputes over leadership linger, a panel of officials speaking Oct. 1 at the Wilson Center in Washington warned that the problem continues to grow. To counter the threat, there must be a solid public-private partnership that includes a central organization leading the way, the panelists said.
“It is broad, but it is a fundamental problem nonetheless. If you think about it, we’ve had building codes for generations to make sure…that a building meets certain standards,” said Sen. Susan Collins (R-Maine). “Now that we’re in a society and economy in which computers operate virtually everything…it seems to me that we’ve got to have standards that are met. The best way to do that is through a collaborative system that draws upon the expertise of the private sector and the knowledge of government.”
Collaboration between government and the private sector has been a cornerstone in the national cybersecurity discussion, and was also a central part of the failed Cybersecurity Act of 2012. At the Wilson Center event, panelists all called on the Homeland Security Department to play a leading role in federal cybersecurity efforts, but seemed uncertain as to whether the agency is ready to do so just yet.
“We’ve often heard criticisms that DHS isn’t up to the job; well, that is their job. If they can’t pull this together then we have to have a different conversation about why our Homeland Security Department can’t defend the homeland from one of the most critical [threats],” said Anthony Romero, executive director of the American Civil Liberties Union. “The reason DHS needs to be in charge of this is they’re the accountability. We’re not capable of having that level of civilian oversight if it were placed in the Pentagon.”
Army Gen. Keith Alexander, commander at U.S Cyber Command and director of the National Security Agency, agreed that DHS needs to have a leading role in cybersecurity, and said he is confident in the agency’s abilities.
“Given where the discussion is, that’s the right thing to do. Cyber is so important that we need to make sure we’re doing it right, and the way to do that is through transparency,” Alexander said. “My experience with DHS is that they’re growing and they’re coming on fast. They’re getting there. We can throw rocks at them, but I think our nation needs them to be in the middle of this.”
Alexander said he sees DHS as the “entry point” for partnership with industry, and outlined a dream team of his own for handling national cybersecurity. With DHS leading, the FBI would handle law enforcement and attribution, NSA would be in charge of foreign intelligence, and Cyber Command would be tasked with defending the nation, he said.
“Together that team is what, I think, the American people hold us accountable for doing. We have to have it transparent with oversight,” Alexander said.